Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Massachusetts amends legislation protecting consumers from security breaches

    State Issues

    On January 10, the Massachusetts Governor signed HB 4806, following the House and Senate’s adoption of amendments to the bill. The bill, which is effective April 10, amends current law related to security breaches and the protection of consumer financial and credit information. Among other provisions, the amendments to the current law:

    • Prohibit users from requesting or obtaining the consumer credit report of a consumer unless the user obtains the consumer’s prior written, verbal, or electronic consent, and discloses the user's reason for accessing the consumer report to the consumer prior to obtaining consent.
    • Require every consumer reporting agency to disclose to consumers, when properly identified, (i) the nature, contents, and substance of all information on file (except medical information) at the time of the request; (ii) the sources of all credit information; and (iii) “the recipients of any consumer report on the consumer which it has furnished for employment purposes within the 2-year period preceding the request, and for any other purpose within the 6-month period preceding the request.”
    • State that a consumer reporting agency may not charge a fee to any consumer for placing, lifting, or removing a security freeze from a consumer report.
    • Specify that a consumer reporting agency may not “knowingly offer a paid product to prevent unauthorized access or restrict access to a consumer's credit.”
    • Require persons who experience a security breach to report specific information to the state Attorney General, as well as certify that their credit monitoring services are in compliance.
    • State that consumers shall receive notice provisions in the event of a breach of security, including the right to obtain police reports, steps for requesting a security freeze, and various mitigation services.
    • Require persons who experience a breach that compromises social security numbers to provide at least 18 months of free credit monitoring for affected individuals.

    State Issues State Legislation Credit Reporting Agency Privacy/Cyber Risk & Data Security Security Freeze Data Breach

    Share page with AddThis
  • New York enacts law covering collection of family member debts

    State Issues

    On December 28, the New York governor signed S3491A, which amends the state’s general business law to add a section prohibiting principal creditors and/or debt collection agencies from making any representations that a person is required to pay the debt of a family member in a way that contravenes the FDCPA or that misrepresent the person’s obligation to pay such debts. The amendment defines “debt collection agency” as “a person, firm or corporation engaged in business, the principal purpose of which is to regularly collect or attempt to collect debts: (a) owed or due or asserted to be owed or due to another; or (b) obtained by, or assigned to, such person, firm or corporation, that are in default when obtained or acquired by such person, firm or corporation.” The law is effective 90 days after enactment.

    State Issues State Legislation Debt Collection Vicarious Liability FDCPA

    Share page with AddThis
  • New York enacts law covering collection of family member debts

    State Issues

    On December 28, the New York governor signed S3491A, which amends the state’s general business law to add a section prohibiting principal creditors and/or debt collection agencies from making any representations that a person is required to pay the debt of a family member in a way that contravenes the FDCPA or that misrepresent the person’s obligation to pay such debts. The amendment defines “debt collection agency” as “a person, firm or corporation engaged in business, the principal purpose of which is to regularly collect or attempt to collect debts: (a) owed or due or asserted to be owed or due to another; or (b) obtained by, or assigned to, such person, firm or corporation, that are in default when obtained or acquired by such person, firm or corporation.” The law is effective 90 days after enactment.

    State Issues State Legislation Debt Collection Vicarious Liability FDCPA

    Share page with AddThis
  • Massachusetts enacts legislation amending consumer protections from security breaches

    State Issues

    On January 10, the Massachusetts Governor signed HB 4806, following the House and Senate’s adoption of amendments to the bill. The bill, which is effective April 10, amends current law related to security breaches and the protection of consumer financial and credit information. Among other provisions, the amendments to the current law:

    • Prohibit users from requesting or obtaining the consumer credit report of a consumer unless the user obtains the consumer’s prior written, verbal, or electronic consent, and discloses the user's reason for accessing the consumer report to the consumer prior to obtaining consent.
    • Require every consumer reporting agency to disclose to consumers, when properly identified, (i) the nature, contents, and substance of all information on file (except medical information) at the time of the request; (ii) the sources of all credit information; and (iii) “the recipients of any consumer report on the consumer which it has furnished for employment purposes within the 2-year period preceding the request, and for any other purpose within the 6-month period preceding the request.”
    • State that a consumer reporting agency may not charge a fee to any consumer for placing, lifting, or removing a security freeze from a consumer report.
    • Specify that a consumer reporting agency may not “knowingly offer a paid product to prevent unauthorized access or restrict access to a consumer's credit.”
    • Require persons who experience a security breach to report specific information to the state Attorney General, as well as certify that their credit monitoring services are in compliance.
    • State that consumers shall receive notice provisions in the event of a breach of security, including the right to obtain police reports, steps for requesting a security freeze, and various mitigation services.
    • Require persons who experience a breach that compromises social security numbers to provide at least 18 months of free credit monitoring for affected individuals.

    State Issues State Legislation Credit Reporting Agency Privacy/Cyber Risk & Data Security Security Freeze Data Breach

    Share page with AddThis
  • Ohio mortgage servicers now required to register

    State Issues

    On December 19, 2018, the Ohio Governor signed Substitute House Bill 489 (HB 489), which amends the Ohio Residential Mortgage Lending Act (RMLA) to, among other things, require a person acting as mortgage servicer to obtain a Residential Mortgage Lending Act Certificate of Registration in the state, unless exempt from the RMLA. The amendments define a “mortgage servicer” as an entity that holds mortgage servicing rights, records mortgage payments on its books, or carries out other responsibilities under the mortgage agreement.

    HB 489 also revises the laws governing financial institution regulations and consumer protections. Specifically, it includes amendments which (i) provide some regulatory relief to state banks and credit unions concerning the frequency of examinations that meet certain conditions; (ii) enable requests for data analytics to be conducted on publicly available information regarding regulated state banks, credit unions, and consumer finance companies; and (iii) require that a specified notice be given to a debtor for certain collections related to defaulted debt secured by junior liens on residential properties.

    The amendments take effect 91 days after the bill is filed with the Ohio Secretary of State.

    State Issues State Legislation Licensing Mortgages Mortgage Servicing

    Share page with AddThis
  • New York governor creates task force to study digital currency industry

    State Issues

    On December 21, the New York governor signed A08783, which creates a digital currency task force to conduct a comprehensive review related to the regulation of cryptocurrencies in the state. The act requires the task force to issue a report by December 15, 2020, with recommendations to “increase transparency and security, enhance consumer protections, and to address the long-term impact related to the use of cryptocurrency.” The report will also contain a review of laws and regulations on digital currency, including those used by other states, the federal government, and foreign countries.

    State Issues State Legislation Virtual Currency Cryptocurrency Blockchain

    Share page with AddThis
  • Illinois amends Residential Mortgage License Act

    State Issues

    On December 19, the Illinois governor signed HB 5542, which amends the state’s Residential Mortgage License Act of 1987 (the Act) to make various changes to state licensing requirements. Among other things, the amended Act (i) clarifies the definition of a “bona fide nonprofit organization”; (ii) provides a list of prohibited acts and practices; (iii) stipulates that a licensee filing a Mortgage Call Report is not required to file an annual report with the Secretary of Financial and Professional Regulation (Secretary) disclosing applicable annual activities; (iv) repeals a provision requiring the Secretary to obtain loan delinquency data from HUD as part of an examination of each licensee; (v) clarifies that the notice of change in loan terms disclosure requirements do not apply to any licensee providing notices of changes in loan terms pursuant to the CFPB’s Know Before You Owe mortgage disclosure procedure under TILA and RESPA, while removing the provision that previously excluded licensees limited to soliciting residential mortgage loan applications as approved by the Secretary from the requirements to provide disclosure of changes in loan terms; (vi) removes certain criteria concerning the operability date for submitting licensing information to the Nationwide Multistate Licensing System; and (vii) makes other technical and conforming changes. The amendments are effective immediately.

    State Issues State Legislation Licensing CFPB Know Before You Owe TILA RESPA Mortgages Disclosures

    Share page with AddThis
  • Pennsylvania amends state Check Casher Licensing Act

    State Issues

    On October 24, the Pennsylvania governor signed HB 2453, which amends the state’s Check Casher Licensing Act to make several changes in the licensing process for check-cashing entities. Specifically, the amendments (i) allow for check-cashing licenses to be issued for up to 14 months; (ii) require a licensee to demonstrate that it is conducting business in accordance with the law for annual renewal; and (iii) allow for the suspension or revocation of licenses for certain activities, including material misstatements in the application and engaging in dishonest, fraudulent, or illegal practices or conduct in connection with the check casher business. The amendments also, among other things, clarify that a licensee may not cash or advance any money on post-dated personal checks, but allow for the cashing of post-dated government checks if the check is dated no more than five days after it is presented to the licensee and the fee does not exceed the maximum permitted under the Act. Additionally, the amendments authorize fines of up to $10,000 for violations of the act. The amendments are effective on December 23, 2018.

    State Issues State Legislation Check Cashing Licensing

    Share page with AddThis
  • Consumer advocates testify before Senate Commerce Committee on need for federal consumer data privacy legislation

    Privacy, Cyber Risk & Data Security

    On October 10, the Senate Committee on Commerce, Science, and Transportation held the second in a series of hearings on the subject of consumer data privacy safeguards. The hearing entitled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act” heard from consumer privacy advocates on lessons from the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) of 2018, and what types of consumer protections should be considered in future federal legislation. Committee Chairman, Senator John Thune, opened the hearing by emphasizing the importance of promoting privacy without stifling innovation. Senator Thune stated that, while understanding the experience of technology and telecommunications companies in this space is important, any new federal privacy law must also incorporate views from affected industry stakeholders and consumer advocates.

    The consumer privacy advocate witnesses agreed there is a need for heightened consumer protections and rights, and that the time is ripe to have a debate on what a consumer data privacy law at the federal level would look like and how it would work with state level laws. However, witnesses cautioned that federal legislation should create a floor and not a ceiling for privacy that will not prevent states from passing their own privacy laws. One of the witnesses who led the effort behind the California ballot initiative that resulted in the CCPA emphasized that federal legislation should contain a robust enforcement mechanism, while a witness from the Center for Democracy & Technology said that (i) lawmakers should give the FTC the ability to fine companies that violate consumers’ privacy and provide the agency with more resources; and (ii) a federal law should cover entities of all sizes and clarify what secondary and third-party uses of data are permissible.

    Among other things, the hearing also discussed topics addressing: (i) GDPR open investigations; (ii) support for state Attorney General enforcement rights; (iii) privacy protections for children, including the strengths and weaknesses of the Children’s Online Privacy Protection Act, particularly with respect to children ages 13 and older; and (iv) consumers’ rights to control their personal data.

    Privacy/Cyber Risk & Data Security Data Breach U.S. Senate GDPR State Attorney General State Legislation Enforcement

    Share page with AddThis
  • New York prohibits auto lenders from remotely disabling a vehicle without providing notice

    State Issues

    On October 2, the New York governor signed SB 2484, which prohibits auto lenders from remotely disabling a vehicle without first providing notice of the disabling to the debtor. The act amends the state’s uniform commercial code and the general business law, in significant part, by: (i) defining a “payment assurance device” (“any device installed in a vehicle that can be used to remotely disable the vehicle”); (ii) requiring written notice of the possible remote disabling of a vehicle “in the method and timetable” agreed in the initial contract between the parties; (iii) identifying permissible methods of notice transmittal; and, (iv) specifying the permitted period between the postmarking of the notice and the date on which the auto lender or its agent obtains the right to disable the vehicle. The act takes effect immediately.

    State Issues State Legislation Auto Finance

    Share page with AddThis

Pages

Upcoming Events